dependabot-python 0.107.29 → 0.107.30

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/python/update_checker/index_finder.rb +26 -1
  3. data/lib/dependabot/python/update_checker/latest_version_finder.rb +1 -1
  4. data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb +0 -33
  5. data/lib/dependabot/python/update_checker/poetry_version_resolver.rb +0 -49
  6. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: df353b2040be543f084934407f04c1782139b91186d10caed3e974076098c269
4
- data.tar.gz: 25f591e50432ee5d8a58ff3310897092f11e18b666cdfb0c5e84e32e2504fb15
3
+ metadata.gz: ad7594255569680eeb99d23ae923518ae03626c9175fbfd74a8c2de6b2e30516
4
+ data.tar.gz: 01b0f734d5c59c70818e9e095ce71e05960989471a7549444e71744a5a98e35c
5
5
  SHA512:
6
- metadata.gz: dc4d34fa5269805adf5d7d91dc20dd0297e938bf79c8e43c017804dddc65795bd5e1c7b0ac1a3ff21514040503c83831b7fd70a57393849d2bc18f013b0effb7
7
- data.tar.gz: f819ca462c000d01739c43b480e1fa88d26a031aabbb939677368f4e13baefe9ca96c51d884877370ee2f25fd28459f8e20317b3739541f36be18c9de5143007
6
+ metadata.gz: 215dfcb94fabeec7f58e7bdab73326b71236fe62ab1f1d4e89b748c201aafdc563158da8e1d0c1cda33ffe636d41a98a900fc886bad5e301cc7e387b2ca213ee
7
+ data.tar.gz: 2d7912b3e13a1ff0eb22fe6b0b326ebaa753de1dee63db3e37829d62158f9a66dd7e00961c6656ede146bb29cd4a5f23acd89d10a2c217b4d3ee8d18ce422b9d
data/lib/dependabot/python/update_checker/index_finder.rb CHANGED
@@ -21,7 +21,8 @@ module Dependabot
21
21
  config_variable_index_urls[:extra] +
22
22
  pipfile_index_urls[:extra] +
23
23
  requirement_file_index_urls[:extra] +
24
- pip_conf_index_urls[:extra]
24
+ pip_conf_index_urls[:extra] +
25
+ pyproject_index_urls[:extra]
25
26
 
26
27
  extra_index_urls = extra_index_urls.map do |url|
27
28
  clean_check_and_remove_environment_variables(url)
@@ -45,6 +46,7 @@ module Dependabot
45
46
  pipfile_index_urls[:main] ||
46
47
  requirement_file_index_urls[:main] ||
47
48
  pip_conf_index_urls[:main] ||
49
+ pyproject_index_urls[:main] ||
48
50
  PYPI_BASE_URL
49
51
 
50
52
  return unless url
@@ -102,6 +104,29 @@ module Dependabot
102
104
  urls
103
105
  end
104
106
 
107
+ def pyproject_index_urls
108
+ urls = { main: nil, extra: [] }
109
+
110
+ return urls unless pyproject
111
+
112
+ sources =
113
+ TomlRB.parse(pyproject.content).dig("tool", "poetry", "source") ||
114
+ []
115
+
116
+ sources.each do |source|
117
+ if source["default"]
118
+ urls[:main] = source["url"]
119
+ else
120
+ urls[:extra] << source["url"]
121
+ end
122
+ end
123
+ urls[:extra] = urls[:extra].uniq
124
+
125
+ urls
126
+ rescue TomlRB::ParseError, TomlRB::ValueOverwriteError
127
+ urls
128
+ end
129
+
105
130
  def config_variable_index_urls
106
131
  urls = { main: nil, extra: [] }
107
132
 
data/lib/dependabot/python/update_checker/latest_version_finder.rb CHANGED
@@ -134,7 +134,7 @@ module Dependabot
134
134
  rescue Excon::Error::Timeout, Excon::Error::Socket
135
135
  raise if MAIN_PYPI_INDEXES.include?(index_url)
136
136
 
137
- raise PrivateSourceAuthenticationFailure, sanitized_url
137
+ raise PrivateSourceTimedOut, sanitized_url
138
138
  end
139
139
  end
140
140
 
data/lib/dependabot/python/update_checker/pipenv_version_resolver.rb CHANGED
@@ -44,8 +44,6 @@ module Dependabot
44
44
  @dependency = dependency
45
45
  @dependency_files = dependency_files
46
46
  @credentials = credentials
47
-
48
- check_private_sources_are_reachable
49
47
  end
50
48
 
51
49
  def latest_resolvable_version(requirement: nil)
@@ -442,31 +440,6 @@ module Dependabot
442
440
  parsed_pipfile.dig("requires", "python_version")
443
441
  end
444
442
 
445
- def check_private_sources_are_reachable
446
- sources_to_check =
447
- pipfile_sources.reject { |h| h["url"].include?("${") } +
448
- config_variable_sources
449
-
450
- sources_to_check.
451
- map { |details| details["url"] }.
452
- reject { |url| MAIN_PYPI_INDEXES.include?(url) }.
453
- each do |url|
454
- sanitized_url = url.gsub(%r{(?<=//).*(?=@)}, "redacted")
455
-
456
- response = Excon.get(
457
- url,
458
- idempotent: true,
459
- **SharedHelpers.excon_defaults
460
- )
461
-
462
- if response.status == 401 || response.status == 403
463
- raise PrivateSourceAuthenticationFailure, sanitized_url
464
- end
465
- rescue Excon::Error::Timeout, Excon::Error::Socket
466
- raise PrivateSourceTimedOut, sanitized_url
467
- end
468
- end
469
-
470
443
  def run_command(command, env: {})
471
444
  start = Time.now
472
445
  command = SharedHelpers.escape_command(command)
@@ -528,12 +501,6 @@ module Dependabot
528
501
  end
529
502
  end
530
503
 
531
- def pipfile_sources
532
- @pipfile_sources ||=
533
- TomlRB.parse(pipfile.content).fetch("source", []).
534
- map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
535
- end
536
-
537
504
  def pipenv_env_variables
538
505
  {
539
506
  "PIPENV_YES" => "true", # Install new Python ver if needed
data/lib/dependabot/python/update_checker/poetry_version_resolver.rb CHANGED
@@ -14,7 +14,6 @@ require "dependabot/python/native_helpers"
14
14
  require "dependabot/python/python_versions"
15
15
  require "dependabot/python/authed_url_builder"
16
16
 
17
- # rubocop:disable Metrics/ClassLength
18
17
  module Dependabot
19
18
  module Python
20
19
  class UpdateChecker
@@ -33,8 +32,6 @@ module Dependabot
33
32
  @dependency = dependency
34
33
  @dependency_files = dependency_files
35
34
  @credentials = credentials
36
-
37
- check_private_sources_are_reachable
38
35
  end
39
36
 
40
37
  def latest_resolvable_version(requirement: nil)
@@ -302,31 +299,6 @@ module Dependabot
302
299
  category == "dev" ? "dev-dependencies" : "dependencies"
303
300
  end
304
301
 
305
- def check_private_sources_are_reachable
306
- sources_to_check =
307
- pyproject_sources +
308
- config_variable_sources
309
-
310
- sources_to_check.
311
- map { |details| details["url"] }.
312
- reject { |url| MAIN_PYPI_INDEXES.include?(url) }.
313
- each do |url|
314
- sanitized_url = url.gsub(%r{(?<=//).*(?=@)}, "redacted")
315
-
316
- response = Excon.get(
317
- url,
318
- idempotent: true,
319
- **SharedHelpers.excon_defaults
320
- )
321
-
322
- if response.status == 401 || response.status == 403
323
- raise PrivateSourceAuthenticationFailure, sanitized_url
324
- end
325
- rescue Excon::Error::Timeout, Excon::Error::Socket
326
- raise PrivateSourceTimedOut, sanitized_url
327
- end
328
- end
329
-
330
302
  def pyproject
331
303
  dependency_files.find { |f| f.name == "pyproject.toml" }
332
304
  end
@@ -375,28 +347,7 @@ module Dependabot
375
347
  def normalise(name)
376
348
  name.downcase.gsub(/[-_.]+/, "-")
377
349
  end
378
-
379
- def config_variable_sources
380
- @config_variable_sources ||=
381
- credentials.
382
- select { |cred| cred["type"] == "python_index" }.
383
- map do |h|
384
- url = AuthedUrlBuilder.authed_url(credential: h)
385
- { "url" => url.gsub(%r{/*$}, "") + "/" }
386
- end
387
- end
388
-
389
- def pyproject_sources
390
- sources =
391
- TomlRB.parse(pyproject.content).dig("tool", "poetry", "source") ||
392
- []
393
-
394
- @pyproject_sources ||=
395
- sources.
396
- map { |h| h.dup.merge("url" => h["url"].gsub(%r{/*$}, "") + "/") }
397
- end
398
350
  end
399
351
  end
400
352
  end
401
353
  end
402
- # rubocop:enable Metrics/ClassLength
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-python
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.107.29
4
+ version: 0.107.30
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.107.29
19
+ version: 0.107.30
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.107.29
26
+ version: 0.107.30
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: byebug
29
29
  requirement: !ruby/object:Gem::Requirement